Last year I set up VNC Server in Fedora Core 5 (see below), and the instructions I followed had the added bonus of giving me resumable sessions, so that the remote session continues between client sessions. There is a long thread about setting up the same scenario in Ubuntu: http://ubuntuforums.org/ showthread.php?t=122402 The discussion started as a howto on January 27, 2006 and it is ongoing as of a week ago. (And then today since I plan to point to this post from there.) It has carried on through a few versions of Ubuntu and had most of what I needed to get VNC working on GNOME in Ubuntu 6.10 (Edgy Eft), although it took the better part of a morning to piece together. Thanks to Tichondrius who posted the original instructions that I’ve built on below, and all of the posters who contributed further ideas and solutions. I’ll try to present a coherent narrative of the install, but in reality I went back and forth, trying lots of different things, and probably did things that in the end weren’t necessary. I’ll mention some of the gotchas as I go and recap some others at the end. There are also a few errors and nags remaining that don’t seem to cause any larger problems that make me want to investigate right now. There was much discussion in the big thread about issues specific to the AMD64. I completely spaced out on the fact that my system76 machine came with an AMD64 until after I had gotten things working. So I mostly ignored all that advice, probably to my detriment. My understanding of this is very sketchy. Just following along and not really understanding what I’m doing. I know there are security concerns with opening some of this up. Please don’t take my word as final, and as always: caveat emptor. Lights, Camera, Action 1. Enable Remote Access (XDMCP) * System » Administration » Login Window Ubuntu Login Window Menu Item * Tab Remote » Style: Same as Local Ubuntu Login Window, Remote Tab * Button Configure XDMCP… –> Uncheck (disable) “Honor indirect requests” Ubuntu Login Window, Remote Tab, XDMCP Edit /etc/X11/gdm/gdm.conf sudo vi /etc/X11/gdm/gdm.conf (or gksudo gedit … if you prefer) (While writing this, I notice that the file has a warning that it may be overwritten on upgrade and recommends using another .conf file. Should really look in to that…) * Find the [xdmcp] section in the file, set: Enable=True (One place suggested rebooting after editing.) * Find: # The greeter for xdmcp logins, usually you want a less graphically intensive # greeter here so it’s better to leave this with gdmlogin # RemoteGreeter=/usr/lib/gdm/gdmlogin And uncomment the RemoteGreeter line Again, it sounds like there are security concerns here. The config file even says in that [xdmcp] section: “Distributions: Ship with this off. It is never a safe thing to leave out on the net.” My machines aren’t directly exposed to the Internet, so I’m ok with this for now. (Although I want to understand better what the risks are and how I can minimize them.) Update, 4 May 2007: I’m not running Feisty 7.04 yet, but I booted up the Live CD to confirm that there is a new “General” tab in the Login Window Preferences dialog where you can enable multiple logins for a single user. (It’s phrased as a negative: “Disable multiple logins for a single user”. It’s checked by default so you’ll uncheck it if you want multiple logins; e.g. if you want to be logged in remotely and locally.) The Remote tab and XDMCP options in Feisty look a lot like Edgy’s, so I hope my instructions are still good in 7.04. A note about software repositories and freedom Next, the the instructions say: “Note: Before doing the next step, you need to make sure the extra repositories (e.g. universe) are enabled: http://easylinux.info/wiki/Ubuntu#How_to_add_extra_repositories” I was impatient the first time setting this up and didn’t really figure out what this meant. I felt like I was thrown in to the middle of something a lot more complicated than the VNC setup task at hand. I wanted to know what this stuff was, but not at that moment. There is a *lot* of stuff at that link, and it’s not at all clear what you’re expected to do in relation to the howto. This vague directive filled me with unease. I think I understand better now. I knew that by installing stuff with apt-get, the software had to be retrieved from somewhere, but it was all mysterious and like magic to me. Now I see that Ubuntu has a way of categorizing different repositories, shown in the screenshot below. I think the author of the howto was just pointing to the link as a shorthand reference that something needed to be enabled in order to get the required software. He was trying to explain VNC, after all, and not the world of Ubuntu software repositories. But it was disorienting and troublesome at the time. And now that I have a glimmer of what these repositories are about — this universe and multiverse and whatnot, I object to how they’re presented in that link, and this other link I followed later, for a GUI alternative: http://easylinux.info/wiki/Ubuntu#How_to_apt-get_the_easy_way_.28Synaptic.29 There’s no discussion of software freedom at these links (at least not that I saw in my brief review of them) — just the directive for you to enable access to all available repositories. I’d like to see a comment to the effect that you might not want to enable access to repositories that offer copyright encumbered and/or proprietary software. It seems this is one result of a culture where convenience is valued over principles. To see where these repositories are configured in the GUI, take a look at System » Administration » Synaptic Package Manager, and then Settings » Repositories. You might see something like this: Ubuntu Synaptic Package Manager Software Sources I discovered my system76 Ubuntu machine came with all five checkboxes enabled, so it hadn’t mattered that I didn’t understand this when I got VNC working; I already had the universe enabled. I didn’t like that multiverse and the proprietary device drivers were enabled, and I turned those off. I have mixed feelings on device drivers and get caught in the convenience trap myself. I believe hardware drivers should be free-as-in-free-speech also, but I’m willing to use some proprietary drivers to run current hardware. In the future I will try more and more to only use hardware that is supported by free drivers. 2. Install Required packages sudo apt-get install vnc4server xinetd Update, 4 May 2007: Previously there were problems with the latest vnc4server that required use of the downgraded vnc4server/edgy in the install above. I kept skipping the GUI software updater’s “Important security update” from version 4.1.1+xorg1.0.2-0ubuntu1 to 4.1.1+xorg1.0.2-0ubuntu1.6.10.1 because it would break VNC as described later in this post. Warren shared a workaround/fix for this problem that we’ll cover in step 4 below. I was finally driven to learn more about the universe and multiverse when I tried this step on my laptop. There I had installed 6.10 Edgy myself and by default the universe and multiverse were not enabled. I was getting the error: “E: Couldn’t find package vnc4server.”, which was odd and disheartening when it had worked so seemlessly before. Google brought me right back to the big Ubuntu Forums thread where I now found a post from 2 Feb 2006 more relevant. Here’s where GUIs can be nice for learning. The one link had described turning this stuff on, but it wasn’t until I finally looked at the GUI config screen that understanding started creeping in to my brain. It helped having this problem and finding the solution — it can be so much better to struggle with something for a while to get new ideas embedded in your thick skull. I do enjoy learning this stuff and tinkering; it’s just that time isn’t as good of a friend as it was when I was younger. I ignored the AMD64 note because I was oblivious to my own AMD64ness while working on this. 3. Set the VNC Password sudo vncpasswd /root/.vncpasswd 4. Add VNC Service to xinetd sudo vi /etc/xinetd.d/Xvnc (probably creates a new file) Add this: service Xvnc { type = UNLISTED disable = no socket_type = stream protocol = tcp wait = yes user = root server = /usr/bin/Xvnc server_args = -inetd :1 -query localhost -geometry 1024×768 -depth 16 -once -fp /usr/share/fonts/X11/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd -extension XFIXES port = 5901 } You can tweak these settings, obviously. For example, you might want a bigger resolution of 1152×864 or 1280×960. The original instructions had the font path as /usr/share/X11/fonts/misc. That must have changed somewhere along the way. (Thanks to MBaran for pointing out that one.) Update, 4 May 2007: -extension XFIXES is the new setting that seems to work with the latest vnc4server. I don’t know what it is or what it’s for. Doesn’t appear in the man page. How do people find this stuff? All I know is that it’s nice when they come to me with the fix.🙂 5. Restart xinetd sudo /etc/init.d/xinetd stop sudo killall Xvnc sudo /etc/init.d/xinetd start Try it! From the machine that we just installed VNC server on, try: vncviewer localhost:1 If all went well (ha!), you should be prompted for the VNC password, and then see the GDM login screen where you can enter your Ubuntu username and password and start a new X session. Then you can move on to trying a VNC client from another GNU/Linux machine or Windows, specifying something like this for your server: 192.168.1.100::5901. Broken eggs from whence came the omelette I had lots of errors while doing this. One problem was that it wasn’t until much later that I found out how to enable XDMCP in the gdm.conf file. When I first tried vncviewer localhost:1, I got: scarpent@prometheus:~$ vncviewer localhost:1 VNC viewer version 3.3.7 – built Jul 4 2006 10:04:48 Copyright (C) 2002-2003 RealVNC Ltd. Copyright (C) 1994-2000 AT&T Laboratories Cambridge. See http://www.realvnc.com for information on VNC. ReadFromRFBServer: rdr::SystemException: read: Connection reset by peer (104) Is xinetd listening? I picked up some troubleshooting techniques from the thread. After restarting xinetd in step 5, you can check that xinetd is listening on port 5901 by doing: sudo netstat -tap | grep xinetd You should see something like: tcp 0 0 *:5901 *:* LISTEN 10932/xinetd I didn’t get that. I rebooted the machine and then saw something similar. (Just a different process id than 10932.) But I was still getting connection reset by peer. What’s going on under the covers? There is a log to check: grep xinetd /var/log/syslog From which I got lots of stuff, including: ubuntu xinetd[4829]: warning: can’t get client address: Transport endpoint is not connected ubuntu xinetd[4830]: warning: can’t get client address: Transport endpoint is not connected ubuntu xinetd[4268]: Deactivating service Xvnc due to excessive incoming connections. Restarting in 10 seconds. ubuntu xinetd[4268]: Activating service Xvnc Is Xvnc running? And: ps -ef | grep Xvnc Which told me I didn’t have Xvnc running. The thread has a way to manually start Xvnc on yet another port (5902), but I never did get that working (although it generated clues). With: Manual attempts and clues sudo Xvnc :2 -query localhost -geometry 1280×960 -depth 16 -once -fp /usr/share/X11/fonts/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd (warning: wrong font path), and then with: vncviewer localhost:2 I got: Xvnc Free Edition 4.1.1 Copyright (C) 2002-2005 RealVNC Ltd. See http://www.realvnc.com for information on VNC. Underlying X server release 70000000, The X.Org Foundation vncext: VNC extension running! vncext: Listening for VNC connections on port 5902 vncext: created VNC server for screen 0 error opening security policy file /etc/X11/xserver/SecurityPolicy Could not init font path element /usr/share/X11/fonts/misc, removing from list! Fatal server error: could not open default font ‘fixed’ Which was hinting at the font problem that a later post explained, so really: sudo Xvnc :2 -query localhost -geometry 1280×960 -depth 16 -once -fp /usr/share/fonts/X11/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd After finding that, I restarted the xinetd stuff again but still couldn’t find Xvnc with grep, so I tried the manual method again, this time getting: vncext: VNC extension running! vncext: Listening for VNC connections on port 5902 vncext: created VNC server for screen 0 error opening security policy file /etc/X11/xserver/SecurityPolicy FreeFontPath: FPE “/usr/share/fonts/X11/misc” refcount is 2, should be 1; fixing. vncviewer localhost:1 now prompts for password but then ReadFromRFBServer: rdr::EndOfStream vncviewer localhost:2 vncviewer: ConnectToTcpAddr: connect: Connection refused Unable to connect to VNC server What’s this XDMCP stuff? I finally got around to the XDMCP enabling in gdm.conf, rebooted, and still no Xvnc with grep, and still with the end of stream when trying to launch the local viewer. I tried with the Windows vncviewer and got a password prompt, but then connection closed. (NOTE! Update, 4 May 2007: This next part about vnc4server/edgy should be taken care of by the instructions above, so that hopefully you won’t need the older version of vnc4server. I’m leaving it in here in the hope it still may be useful as a reference/clue/hint for other searchers.) More poking around and restarting and trying the same things with the unrealistic hope of a different result, and then this, which I probably had seen more than once earlier: vncext: VNC extension running! vncext: Listening for VNC connections on port 5902 vncext: created VNC server for screen 0 error opening security policy file /etc/X11/xserver/SecurityPolicy That rang a bell, with all the discussion of the problems with the latest vnc4server. I had downgraded and upgraded several times, and now I tried downgrading again: sudo apt-get install vnc4server/edgy And… at last! Using the local vncviewer worked! (But remember, using the -extension XFIXES setting should make using the /edgy version unnecessary. And it’s possible the downgraded version doesn’t work correctly on Feisty in any case.) Open Issues Logging in from :0 and :1 at the same time If I’m logged in to the computer locally (display :0), and then I try connecting remotely with a VNC client (display :1), I get a warning that I’m already logged in, with the options to “Log in anyway” or “Abort login.” Ubuntu Already Logged In This may not be a problem. I think Fedora does something similar. But then there is a crash in Ubuntu. This only happens in the situation of logging in to both local display :0 and remote display :1 at the same time. “Bug Buddy” points the finger at Evolution (apparently): Backtrace was generated from ‘/usr/libexec/evolution-alarm-notify’. Ubuntu Evolution Alarm Crash I’m not currently using Evolution, and I don’t notice any ill effects from this. Can’t start instances of Firefox in two different sessions Trying to start Firefox results in a message box: “Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.” Going back to the local logon, Firefox is still working fine. I wonder if this has to do with the Firefox profile? I think later I’ll try starting with a different profile to see if that works around the problem. Keyboard Settings If I log on to the local machine and then log out and then in again via VNC, or vice versa, I get a message about the X system keyboard being different from GNOME keyboard settings. Expected was model “pc105”, layout “us” and option “lv3 lv3:ralt_switch”, but the following settings were found: model “generic”, layout “us” and no options. Ubuntu Different X and GNOME Keyboard settings Don’t know what that means. Doesn’t seem to matter which I pick. I suppose I can just tell it not to warn me anymore. I’d like to know what this is about but it goes on the long list of things that can wait for later. Shared VNC Password Finally, it appears that with this method you have a single VNC password, and can only have one user connect at a time. The original HOWTO says: Note about security: This setup allows any user to start an X-session remotely by logging in using his regular password (after starting the VNC connection using the VNC password), so if the user disconnects without logging out, any other user which knows the VNC password can connect afterwards and resume the same session that the first user started. So if you do not want to log out before disconnecting, it’s advisable to at least lock your VNC X-session screen. Also note that while a remote user is connected thru VNC, no other connection will be accepted. An idle VNC client will be disconnected after one hour, but this can be changed by using the “-IdleTimeout” option in the server_args line in /etc/xinetd.d/Xvnc. For example, you can add “-IdleTimeout 300″ to change it to 5 minutes. The method I used in Fedora will allow multiple users, each with their own port and session. I’m guessing something similar could be done here. Since I’m the only one connecting remotely on my network, I’m not going to worry about it right now. What about that Fedora install? The Fedora install is fading in to the past and I won’t be posting a HOWTO for it, but here are two pages that I think gave me just about everything I needed: * Set up the VNC Server in Fedora http://www.g-loaded.eu/2005/11/10/configure-vnc-server-in-fedora/ * Configuring the VNC server/viewer in Linux. http://www.bobpeers.com/linux/vnc